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Amendments to the Claims : 

This listing of claims replaces all prior versions and listings of claims in the 
application: 

Listing of Claims: 

1-65. (Cancelled) 

66. (Previously Presented) A method of monitoring access requests to access 
providers comprising: 

observing, using an intermediary device other than an access providing host that assigns 
resources responsive to inbound access requests, information identifying a requestor based on 
receipt of the requestor's submission of an access request to a first access providing host; 

accessing, using the intermediary device, stored information identifying previous 
requestors, of the first access providing host as well as of other access providing hosts, that are 
determined to have submitted a previous access request that has timed out prior to submission of 
an acknowledgement corresponding to the previous access request; 

comparing, using the intermediary device, the observed information identifying the 
requestor to the stored information identifying previous requestors; and 

when the comparison reveals that the requestor has submitted a previous access request 
that has timed out prior to submission of an acknowledgement corresponding to the previous 
access request, denying, using the intermediary device, the access request submitted by the 
requestor while denying passage of the access request to the first access providing host. 

67. (Previously Presented) The method of claim 66 wherein denying, using the 
intermediary device, the access request submitted by the requestor while denying passage of the 
access request to the first access providing host comprises denying, using the intermediary 
device, the access request submitted by the requestor when the comparison reveals that the 
requestor has submitted a previous access request that has timed out prior to submission of an 



Applicant 
Serial No. 
Filed 

Page 



Christopher J. Wright et al. 
10/698,933 
November 3, 2003 
3 of 16 



Attorney's Docket No.: 24838-0002002 / Security 05- 
CON 



acknowledgement corresponding to the previous access request based on a previous access 
request submitted to an access providing host other than the first access providing host. 

68. (Previously Presented) The method of claim 66 wherein the intermediary device 
is a switch capable of performing load balancing for the first access providing host as well as the 
other access providing hosts. 

69. (Previously Presented) The method of claim 66 further comprising: 

denying the access request in response to a determination that a return address included in 
the access request differs from an actual return address of the requestor's device. 

70. (Previously Presented) A networking device, other than an access providing host 
that assigns resources responsive to inbound access requests, comprising: 

a processor; and 

a memory encoded with machine readable instructions that, when executed by the 
processor, operate to cause the processor to perform operations comprising: 

observing information identifying a requestor based on receipt of the requestor's 
submission of an access request to a first access providing host; 

accessing stored information identifying previous requestors, of the first access 
providing host as well as of other access providing hosts, that are determined to have 
submitted a previous access request that has timed out prior to submission of an 
acknowledgement corresponding to the previous access request; 

comparing the observed information identifying the requestor to the stored 
information identifying previous requestors; and 

when the comparison reveals that the requestor has submitted a previous access 
request that has timed out prior to submission of an acknowledgement corresponding to 
the previous access request, denying the access request submitted by the requestor while 
denying passage of the access request to the first access providing host. 
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71. (Previously Presented) A storage medium encoded with instructions that, when 
executed by a processing device, operate to cause the processing device to perform operations 
comprising: 

observing, using an intermediary device other than an access providing host that assigns 
resources responsive to inbound access requests, information identifying a requestor based on 
receipt of the requestor's submission of an access request to a first access providing host; 

accessing, using the intermediary device, stored information identifying previous 
requestors, of the first access providing host as well as of other access providing hosts, that are 
determined to have submitted a previous access request that has timed out prior to submission of 
an acknowledgement corresponding to the previous access request; 

comparing, using the intermediary device, the observed information identifying the 
requestor to the stored information identifying previous requestors; and 

when the comparison reveals that the requestor has submitted a previous access request 
that has timed out prior to submission of an acknowledgement corresponding to the previous 
access request, denying, using the intermediary device, the access request submitted by the 
requestor while denying passage of the access request to the first access providing host. 

72-79. (Cancelled) 

80. (Previously Presented) The method of claim 66 further comprising, when the 
comparison reveals that the requestor has not submitted a previous access request that has timed 
out prior to submission of an acknowledgement corresponding to the previous access request, 
monitoring, using the intermediary device, a partially-completed connection transaction resulting 
from the access request to determine whether a time out condition occurs prior to requestor 
submission of an acknowledgement corresponding to the access request. 

81. (Previously Presented) The method of claim 80 further comprising, to the extent 
that a time out condition is determined to exist, adding, using the intermediary device, 
information identifying the requestor to the stored information identifying previous requestors 
for use in comparing against future requestors that submit an access request. 
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82. (Previously Presented) The networking device of claim 70 wherein denying the 
access request submitted by the requestor while denying passage of the access request to the first 
access providing host comprises denying the access request submitted by the requestor when the 
comparison reveals that the requestor has submitted a previous access request that has timed out 
prior to submission of an acknowledgement corresponding to the previous access request based 
on a previous access request submitted to an access providing host other than the first access 
providing host. 

83. (Previously Presented) The networking device of claim 70 wherein the 
networking device is a switch capable of performing load balancing for the first access providing 
host as well as the other access providing hosts. 

84. (Previously Presented) The networking device of claim 70 wherein the memory 
is further encoded with machine readable instructions that, when executed by the processor, 
operate to cause the processor to perform operations comprising: 

denying the access request in response to a determination that a return address included in 
the access request differs from an actual return address of the requestor's device. 

85. (Previously Presented) The networking device of claim 70 wherein the memory 
is further encoded with machine readable instructions that, when executed by the processor, 
operate to cause the processor to perform operations comprising, when the comparison reveals 
that the requestor has not submitted a previous access request that has timed out prior to 
submission of an acknowledgement corresponding to the previous access request, monitoring a 
partially-completed connection transaction resulting from the access request to determine 
whether a time out condition occurs prior to requestor submission of an acknowledgement 
corresponding to the access request. 

86. (Previously Presented) The networking device of claim 85 wherein the memory 
is further encoded with machine readable instructions that, when executed by the processor, 
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operate to cause the processor to perform operations comprising, to the extent that a time out 
condition is determined to exist, adding information identifying the requestor to the stored 
information identifying previous requestors for use in comparing against future requestors that 
submit an access request. 

87. (Previously Presented) The storage medium of claim 71 wherein denying, using 
the intermediary device, the access request submitted by the requestor while denying passage of 
the access request to the first access providing host comprises denying, using the intermediary 
device, the access request submitted by the requestor when the comparison reveals that the 
requestor has submitted-a previous access request that has timed out prior to submission of an 
acknowledgement corresponding to the previous access request based on a previous access 
request submitted to an access providing host other than the first access providing host. 

88. (Previously Presented) The storage medium of claim 71 wherein the intermediary 
device is a switch capable of performing load balancing for the first access providing host as well 
as the other access providing hosts. 

89. (Previously Presented) The storage medium of claim 71 wherein the storage 
medium is further encoded with instructions that, when executed by the processing device, 
operate to cause the processing device to perform operations comprising: 

denying the access request in response to a determination that a return address included in 
the access request differs from an actual return address of the requestor's device. 

90. (Previously Presented) The storage medium of claim 71 wherein the storage 
medium is further encoded with instructions that, when executed by the processing device, 
operate to cause the processing device to perform operations comprising, when the comparison 
reveals that the requestor has not submitted a previous access request that has timed out prior to 
submission of an acknowledgement corresponding to the previous access request, monitoring, 
using the intermediary device, a partially-completed connection transaction resulting from the 
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access request to determine whether a time out condition occurs prior to requestor submission of 
an acknowledgement corresponding to the access request. 

91. (Previously Presented) The storage medium of claim 90 wherein the storage 
medium is further encoded with instructions that, when executed by the processing device, 
operate to cause the processing device to perform operations comprising, to the extent that a time 
out condition is determined to exist, adding, using the intermediary device, information 
identifying the requestor to the stored information identifying previous requestors for use in 
comparing against future requestors that submit an access request. 

92. (New) A method of handling connection transactions, the method comprising: 
receiving, at an intermediary device, a connection transaction request from a requestor 

device that requests access to an access providing host; 

using information identifying requestor devices, of other access providing hosts, that 
previously submitted a partially-completed connection transaction request to determine whether 
to block the connection transaction request to the access providing host; and 

blocking, at the intermediary device, the connection transaction request in response to a 
determination to block the connection transaction request. 

93. (New) The method of claim 92 wherein using information identifying requestor 
devices, of other access providing hosts, that previously submitted a partially-completed 
connection transaction request to determine whether to block the connection transaction request 
to the access providing host comprises monitoring connection transaction requests across 
multiple access providing hosts. 



94. (New) The method of claim 93 wherein monitoring connection transaction 
requests across multiple access providing hosts comprises measuring timing of connection 
transaction requests across multiple access providing hosts. 
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95. (New) The method of claim 92 wherein using information identifying requestor 
devices, of other access providing hosts, that previously submitted a partially-completed 
connection transaction request to determine whether to block the connection transaction request 
to the access providing host comprises comparing, at the intermediary device, an identity of the 
requestor device to information identifying requestor devices, of the access providing host as 
well as the other access providing hosts, that previously submitted a partially-completed 
connection transaction request that reached a time out condition prior to receipt of an 
acknowledgement corresponding to the partially-completed connection transaction request. 

96. (New) The method of claim 92 wherein the intermediary device is a switch 
capable of performing load balancing for the access providing host. 

97. (New) The method of claim 92 further comprising, in response to a determination 
not to block the connection transaction request, determining, at the intermediary device, whether 
the connection transaction request results in a partially-completed connection transaction in 
which a time out condition is reached prior to receipt of an acknowledgement corresponding to 
the connection transaction request. 

98. (New) The method of claim 97 further comprising, in response to a determination 
that the connection transaction request has reached a time out condition prior to receipt of an 
acknowledgement corresponding to the connection transaction request, terminating the 
connection transaction request. 

99. (New) The method of claim 97 further comprising, in response to a determination 
that the connection transaction request has reached a time out condition prior to receipt of an 
acknowledgement corresponding to the connection transaction request, adding the requestor 
device to the information identifying requestor devices that previously submitted a partially- 
completed connection transaction request to enable blocking of future connection transaction 
requests received from the requestor device. 
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100. (New) The method of claim 92 wherein, at the time of blocking the connection 
transaction request, the intermediary device has not previously received, from the requestor 
device, a connection transaction request that requested access to the access providing host. 

101. (New) The method of claim 92 further comprising delaying termination of a 
partially-completed connection transaction based on the connection transaction request to allow 
the intermediary device to continue monitoring communications from the requestor device to the 
access providing host as well as the other access providing hosts. 

102. (New) The method of claim 92 further comprising: 

blocking, at the intermediary device, the connection transaction request in response to a 
determination that a return address included in the connection transaction request differs from an 
actual return address of the requestor device. 

103. (New) A networking device comprising: 
a processor; and 

a memory encoded with machine readable instructions that, when executed by the 
processor, operate to cause the processor to perform operations comprising: 

receiving a connection transaction request from a requestor device that requests 
access to an access providing host; 

using information identifying requestor devices, of other access providing hosts, 
that previously submitted a partially-completed connection transaction request to 
determine whether to block the connection transaction request to the access providing 
host; and 

blocking the connection transaction request in response to a determination to 
block the connection transaction request. 



104. (New) The networking device of claim 103 wherein using information 
identifying requestor devices, of other access providing hosts, that previously submitted a 
partially-completed connection transaction request to determine whether to block the connection 
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transaction request to the access providing host comprises monitoring connection transaction 
requests across multiple access providing hosts. 

105. (New) The networking device of claim 104 wherein monitoring connection 
transaction requests across multiple access providing hosts comprises measuring timing of 
connection transaction requests across multiple access providing hosts. 

106. (New) The networking device of claim 103 wherein using information 
identifying requestor devices, of other access providing hosts, that previously submitted a 
partially-completed connection transaction request to determine whether to block the connection 
transaction request to the access providing host comprises comparing an identity of the requestor 
device to information identifying requestor devices, of the access providing host as well as the 
other access providing hosts, that previously submitted a partially-completed connection 
transaction request that reached a time out condition prior to receipt of an acknowledgement 
corresponding to the partially-completed connection transaction request. 

107. (New) The networking device of claim 103 wherein the networking device is a 
switch capable of performing load balancing for the access providing host. 

108. (New) The networking device of claim 103 wherein the memory is further 
encoded with machine readable instructions that, when executed by the processor, operate to 
cause the processor to perform operations comprising: 

in response to a determination not to block the connection transaction request, 
determining whether the connection transaction request results in a partially-completed 
connection transaction in which a time out condition is reached prior to receipt of an 
acknowledgement corresponding to the connection transaction request. 



109. (New) The networking device of claim 108 wherein the memory is further 
encoded with machine readable instructions that, when executed by the processor, operate to 
cause the processor to perform operations comprising: 
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in response to a determination that the connection transaction request has reached a time 
out condition prior to receipt of an acknowledgement corresponding to the connection 
transaction request, terminating the connection transaction request. 

1 10. (New) The networking device of claim 108 wherein the memory is further 
encoded with machine readable instructions that, when executed by the processor, operate to 
cause the processor to perform operations comprising: 

in response to a determination that the connection transaction request has reached a time 
out condition prior to receipt of an acknowledgement corresponding to the connection 
transaction request, adding the requestor device to the information identifying requestor devices 
that previously submitted a partially-completed connection transaction request to enable blocking 
of future connection transaction requests received from the requestor device. 

111. (New) The networking device of claim 103 wherein, at the time of blocking the 
connection transaction request, the networking device has not previously received, from the 
requestor device, a connection transaction request that requested access to the access providing 
host. 

1 12. (New) The networking device of claim 103 wherein the memory is further 
encoded with machine readable instructions that, when executed by the processor, operate to 
cause the processor to perform operations comprising: 

delaying termination of a partially-completed connection transaction based on the 
connection transaction request to allow the networking device to continue monitoring 
communications from the requestor device to the access providing host as well as the other 
access providing hosts. 



113. (New) The networking device of claim 103 wherein the memory is further 
encoded with machine readable instructions that, when executed by the processor, operate to 
cause the processor to perform operations comprising: 



Applicant : Christopher J. Wright et al. Attorney's Docket No.: 24838-0002002 / Security 05- 

SerialNo. : 10/698,933 ' CON 

Filed : November 3, 2003 
Page : 12 of 16 

blocking the connection transaction request in response to a determination that a return 
address included in the connection transaction request differs from an actual return address of the 
requestor device. 



